DefenderYara/TrojanSpy/Win32/Webmoner/TrojanSpy_Win32_Webmoner_J.yar


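// Machine-converted Microsoft Defender signature (type PEHSTR_EXT, per the
// description string) for the detection name TrojanSpy:Win32/Webmoner.J.
//
// The text patterns are interleaved with filler: keeping the 1st, 3rd, 5th, ...
// character of $a_01_0 gives "127.0.0.1", and doing the same to the two text
// runs of $a_02_2 gives "\system32\drivers\etc\hosts" and "\svch". That suggests
// the sample carries an obfuscated hosts-file path and a loopback address; the
// rule itself does not show what the sample does with them.
rule TrojanSpy_Win32_Webmoner_J {
    meta:
        description = "TrojanSpy:Win32/Webmoner.J,SIGNATURE_TYPE_PEHSTR_EXT,03 00 03 00 03 00 00 01 00 "

    strings:
        // ASCII: 152%7v.Q0F.30y.*17
        $a_01_0 = { 31 35 32 25 37 76 2e 51 30 46 2e 33 30 79 2e 2a 31 37 }

        // ASCII: ttttttttttttttttt dfsdfsdf uihiuattttttttttttttttttth
        $a_01_1 = { 74 74 74 74 74 74 74 74 74 74 74 74 74 74 74 74 74 20 64 66 73 64 66 73 64 66 20 75 69 68 69 75 61 74 74 74 74 74 74 74 74 74 74 74 74 74 74 74 74 74 74 74 68 }

        // ASCII: \&s#y2sWt7e*mm3/2w\Wdcr*i#vQe2r5sw\Fewt8c7\&h*o5s#t7s& <NUL NUL> <8 bytes> \bs7v2c7hy
        //
        // The converted rule carried the bytes `90 01 08` and a trailing `90 00`
        // as literals. In the PEHSTR_EXT pattern encoding as described by public
        // reverse-engineering write-ups, 0x90 is an escape byte: `90 01 NN` is a
        // fixed-length wildcard of NN bytes and `90 00` ends the pattern. As
        // literals they would make this string match only files that happen to
        // contain those control bytes, so they are expressed here as a YARA jump
        // and the terminator is dropped.
        // NOTE(review): confirm the escape semantics against other converted
        // `_02_` strings before relying on this pattern alone.
        $a_02_2 = { 5c 26 73 23 79 32 73 57 74 37 65 2a 6d 6d 33 2f 32 77 5c 57 64 63 72 2a 69 23 76 51 65 32 72 35 73 77 5c 46 65 77 74 38 63 37 5c 26 68 2a 6f 35 73 23 74 37 73 26 00 00 [8] 5c 62 73 37 76 32 63 37 68 79 }

    condition:
        // NOTE(review): the header bytes in the description look like a match
        // threshold of 3 over three sub-patterns; if that reading is right, the
        // source signature needs all three strings and `any of` is looser than
        // the original (higher false-positive risk on a single hit). The
        // converter's condition is left unchanged here; confirm before
        // tightening to `all of ($a_*)`. PEHSTR signatures target PE files, so a
        // `uint16(0) == 0x5A4D` guard is another candidate for review.
        any of ($a_*)
}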